<html>
	<head>
		<meta charset="utf-8">
	</head>
	<?php
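		session_start(); // Start (or resume) the session that holds the CAPTCHA code and the login state.
		// NOTE(review): this page has already emitted markup above the PHP tag, so
		// session_start() and every header() call below only take effect when output
		// buffering is enabled — confirm the deployment's output_buffering setting.

		// Read one POST field as a string. A missing key, or a non-string value such as
		// the array PHP builds from "username[]=x", is normalised to '' so that rtrim()
		// and the SQL code further down never receive null or an array.
		$readPostField = function ($key) {
			return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
		};

		// Collect the submitted login / registration fields.
		$uname = rtrim($readPostField('username'));
		$upass = rtrim($readPostField('pass'));
		$uemail = $readPostField('email');
		$uphone = $readPostField('phone');
		$pubID = $readPostField('pubID');

		// Form page to send the visitor back to, keyed by the pubID field of the
		// submitting form. An unrecognised pubID is not redirected here and falls
		// through to the action handlers below, exactly as before.
		$formPages = array(
			'adminID' => 'login.php',
			'indexID' => '../web/reg/login.php',
			'regID'   => '../web/reg/reg.php',
		);

		// ===== Reject an empty user name (error code 4) =====
		if ($uname === '' && isset($formPages[$pubID])) {
			header("refresh:0;url={$formPages[$pubID]}?eno=4");
			exit();
		}

		// ===== Reject an empty password (error code 5) =====
		if ($upass === '' && isset($formPages[$pubID])) {
			// The admin form redirects immediately; the two public forms keep their
			// original 2-second delay.
			$delay = ($pubID === 'adminID') ? 0 : 2;
			header("refresh:{$delay};url={$formPages[$pubID]}?eno=5");
			exit();
		}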

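		// Load the configuration file; it is expected to define HOST, USER, PASS and DBNAME.
		require("../public/config.php");

		// Open the database connection. "@" keeps mysqli's own warning out of the
		// response; the failure is handled explicitly below.
		$link = @mysqli_connect(HOST, USER, PASS, DBNAME);
		if (!$link) {
			// The driver's error text can name the database host and account, so it goes
			// to the server log and the visitor only sees the generic message.
			error_log("mysqli_connect failed: " . mysqli_connect_error());
			die("连接数据库失败！");
		}
		// Set the connection character set.
		mysqli_set_charset($link, "utf8");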

		
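		// Dispatch on the "a" query parameter: dologin (admin login), usedologin
		// (site login), reg (registration) or logout.
		$action = (isset($_GET['a']) && is_string($_GET['a'])) ? $_GET['a'] : '';

		// The credential variables are filled from $_POST earlier in the script; force
		// them to strings here so nothing but a string reaches the comparisons and the
		// bound SQL parameters below.
		$uname = (isset($uname) && is_string($uname)) ? $uname : '';
		$upass = (isset($upass) && is_string($upass)) ? $upass : '';
		$uemail = (isset($uemail) && is_string($uemail)) ? $uemail : '';
		$uphone = (isset($uphone) && is_string($uphone)) ? $uphone : '';

		// True only when a CAPTCHA code is stored in the session AND the same non-empty
		// code was submitted. The previous "$_POST['code'] !== $_SESSION['code']" test
		// passed when both were absent (null === null), i.e. a request without a session
		// and without a code field skipped the CAPTCHA entirely.
		// NOTE(review): the stored code stays valid after a successful check; consider
		// making it single-use once it is confirmed that the form always loads a fresh one.
		$captchaMatches = function () {
			$sent = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : '';
			$kept = (isset($_SESSION['code']) && is_string($_SESSION['code'])) ? $_SESSION['code'] : '';
			return $sent !== '' && $kept !== '' && hash_equals($kept, $sent);
		};

		// Run a one-parameter SELECT as a prepared statement and return the first row:
		// an associative array, null when there is no row, false when the query failed.
		// The user-supplied value is bound, never interpolated into the SQL text.
		// mysqli_stmt_get_result() needs the mysqlnd driver.
		$fetchRow = function ($link, $sql, $value) {
			$stmt = mysqli_prepare($link, $sql);
			if (!$stmt) {
				return false;
			}
			mysqli_stmt_bind_param($stmt, 's', $value);
			$row = false;
			if (mysqli_stmt_execute($stmt)) {
				$result = mysqli_stmt_get_result($stmt);
				if ($result) {
					$row = mysqli_fetch_assoc($result);
					mysqli_free_result($result);
				}
			}
			mysqli_stmt_close($stmt);
			return $row;
		};

		// Shared failure exit for the registration branch (database write/read failed).
		$registrationFailed = function () {
			echo "系统崩溃注册失败！请您重新注册";
			header("refresh:2;url=../web/reg/reg.php");
			exit();
		};

		// NOTE(review): the "pass" column is compared with the submitted password as-is,
		// so passwords are stored in plaintext. Moving to password_hash() /
		// password_verify() needs a check of the column width and a rehash path for the
		// existing rows, so it is not done in this block.
		// NOTE(review): the whole users row, including "pass", is placed in the session
		// under 'adminuser' for admins and ordinary users alike — pages that treat this
		// key as proof of admin rights must also check "state"; confirm against callers.

		switch ($action) {
			// ======== Admin login ========
			case 'dologin':
				if (!$captchaMatches()) {
					header("refresh:0;url=login.php?eno=1");
					die();
				}

				$user = $fetchRow($link, "select * from users where username=?", $uname);
				if (!$user) {
					// Unknown user name (or the lookup failed).
					header("refresh:0;url=login.php?eno=2");
					exit;
				}

				if ($user['state'] == 2) {
					// Account is disabled.
					echo '<script>alert("该管理员已禁用！"); </script>';
					header("refresh:0;url=login.php");
					exit();
				}

				// Strict comparison: the old "==" treated numeric-looking strings such as
				// "0e1" and "0e2" as equal. An empty password never authenticates.
				if ($upass === '' || !hash_equals((string)$user['pass'], $upass)) {
					header("refresh:0;url=login.php?eno=3");
					exit;
				}

				// Login succeeded: issue a fresh session id so an id planted before the
				// login cannot be reused, then remember the user.
				session_regenerate_id(true);
				$_SESSION['adminuser'] = $user;

				if ($user['state'] != 0) {
					// Valid account without admin rights: send it to the public site.
					echo '你不是管理员，准备转到网站首页';
					header("refresh:2;url=../web/index.php");
					exit;
				}
				header("refresh:0;url=index.php");
				exit;

			// ======== Site user login ========
			case 'usedologin':
				if (!$captchaMatches()) {
					// NOTE(review): a CAPTCHA failure reports eno=2 here, the same code as
					// "user not found" below — confirm this is what the login page expects.
					header("refresh:0;url=../web/reg/login.php?eno=2");
					die();
				}

				$user = $fetchRow($link, "select * from users where username=?", $uname);
				if (!$user) {
					header("refresh:0;url=../web/reg/login.php?eno=2");
					exit;
				}

				if ($user['state'] == 2) {
					// Account is disabled.
					echo '<script>alert("该用户已禁用！"); </script>';
					header("refresh:0;url=../web/reg/login.php");
					exit();
				}

				// Same strict password check as the admin branch.
				if ($upass === '' || !hash_equals((string)$user['pass'], $upass)) {
					header("refresh:0;url=../web/reg/login.php?eno=3");
					exit;
				}

				session_regenerate_id(true);
				$_SESSION['adminuser'] = $user;
				header("Location:../web/index.php");
				exit;

			// ======== Registration ========
			case 'reg':
				$uemail = rtrim($uemail);
				if ($uemail === '') {
					header("refresh:0;url=../web/reg/reg.php?eno=6");
					exit();
				}
				if ($upass === '') {
					// Never create an account with an empty password, whichever form posted.
					header("refresh:2;url=../web/reg/reg.php?eno=5");
					exit();
				}

				// User name: a letter followed by 2-9 letters, digits or underscores.
				// The first class used to be [a-zA-z], whose A-z range also admits
				// the punctuation characters between "Z" and "a".
				if (preg_match('/^[a-zA-Z][a-zA-Z0-9_]{2,9}$/', $uname) !== 1) {
					echo '<script>alert("用户名不合法！"); </script>';
					header("refresh:0;url=../web/reg/reg.php");
					exit();
				}

				// E-mail address format check (pattern unchanged).
				$pattern = "/^([0-9A-Za-z\\-_\\.]+)@([0-9a-z]+\\.[a-z]{2,3}(\\.[a-z]{2})?)$/i";
				if (preg_match($pattern, $uemail) !== 1) {
					echo '<script>alert("邮箱不合法！"); </script>';
					header("refresh:0;url=../web/reg/reg.php");
					exit();
				}

				if (!$captchaMatches()) {
					header("refresh:0;url=../web/reg/reg.php?eno=1");
					die();
				}

				// Is the user name already taken?
				$taken = $fetchRow($link, "select username from users where username=?", $uname);
				if ($taken === false) {
					$registrationFailed();
				}
				if ($taken) {
					header("refresh:0;url=../web/reg/reg.php?eno=7");
					exit();
				}

				// Is the e-mail address already in use?
				$taken = $fetchRow($link, "select email from users where email = ?", $uemail);
				if ($taken === false) {
					$registrationFailed();
				}
				if ($taken) {
					header("refresh:0;url=../web/reg/reg.php?eno=8");
					exit();
				}

				// Create the account. The phone value now comes from $uphone; the old query
				// interpolated an undefined $phone, so the column was always left empty.
				// NOTE(review): phone is stored without a format check — escape it wherever
				// it is rendered.
				$inserted = false;
				$stmt = mysqli_prepare($link, "insert into users(username,pass,email,phone) values (?,?,?,?)");
				if ($stmt) {
					mysqli_stmt_bind_param($stmt, 'ssss', $uname, $upass, $uemail, $uphone);
					$inserted = mysqli_stmt_execute($stmt) && mysqli_insert_id($link) > 0;
					mysqli_stmt_close($stmt);
				}
				if (!$inserted) {
					$registrationFailed();
				}

				// Load the new row and log the user in straight away.
				$user = $fetchRow($link, "select * from users where username=?", $uname);
				if (!$user) {
					$registrationFailed();
				}
				session_regenerate_id(true);
				$_SESSION['adminuser'] = $user;
				echo "恭喜您，注册成功,正在跳转到网站首页，请稍后！";
				header("refresh:2;url=../web/index.php");
				exit();

			// ======== Logout ========
			case 'logout':
				unset($_SESSION['adminuser']); // Drop the login state.
				$from = (isset($_GET['b']) && is_string($_GET['b'])) ? $_GET['b'] : '';
				if ($from === "indexID") {
					header("Location:../web/index.php"); // Logged out from the public site.
				} else {
					header("Location:login.php"); // Logged out from the admin area.
				}
				break;
		}

		// Only logout and unknown actions reach this point; every other branch exits.
		// (The former mysql_free_result()/mysql_close() calls sat after a "break" and
		// belonged to the removed mysql extension, so they never ran.)
		mysqli_close($link);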
	?>
</html>